A Trojan-horse style virus is targeting Android smartphone users.
Experts say it can steal users' login data.
The deceptive software poses as an Adobe Flash Player update.
The fake apps are created by developers with “Marcher.”
They can take login credentials from at least 40 different retail, social media and banking apps.
Once a user attempts to download an infected app, a pop-up window will request to update the Flash player.
To avoid Marcher, Android users shouldn't download from unknown sources.
The apps won't be found in the Google Play Store, but on third-party sites.